Could you avoid GDPR if you don't have “Users”

It applies for any personal data. A phone number is personal data.

However, if you don't store and personal data, sure.

I'm not an expert, nor even a lawyer (hint - if it likely impacts you consult one prior to taking random advice from a forum obviously) with that said -

From [1] a quick scan showed up something so I think even storing a phone number would fall under it as in "indirect identifier" - to quote

>>There are more factors to consider with indirect identification. Indirect identification means you cannot identify an individual through the information you are processing alone, but you may be able to by using other information you hold or information you can reasonably access from another source. A third party using your data and combining it with information they can reasonably access to identify an individual is another form of indirect identification.

An easy example of information that could be used to indirectly identify someone is an individual’s license plate number. The police (a third party) can quickly match a name to a license plate number.>>

So given that phone numbers can be traced back to an individual, I would guess that it would fall under the GDPR. Especially since (I would assume) you would be recording the orginators IP address [1] https://gdpr.eu/eu-gdpr-personal-data/

Phone numbers can be used to identify a person in many cases so storing phone numbers are potentially covered under GDPR. Your real problem with asking any GDPR question is that there is no to very limited case law (settled, public law suits) so it is hard to be sure about anything. Compound that with different interpretations in different countries and you have a big bag of who knows.

The question might be better as: 1. Can they catch you? 2. Will they try to catch you if they can? 3. If caught, what can they do to you? 4. Will they try to do something to you if they can?

I think the answer will be different in different countries and circumstance.